PDO has no security benefits over MySQLi whatsoever. In fact, it's somewhat less secure, because if you don't know what you're doing, you'll be running around with those "emulated prepared statements". And that's a problem.

Personally, however, I still go with PDO, because I don't like fumbling with low-level methods like bind() and fetch(). And MySQL is not the only database system I use.

Why canít I use certain words like "drop" as part of my Security Question answers?
There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".

PDO has no security benefits over MySQLi whatsoever. In fact, it's somewhat less secure, because if you don't know what you're doing, you'll be running around with those "emulated prepared statements".

If you don't know what you are doing, you probably will be in more trouble without some rudimentary PDO knowledge. And thanks to you, I no longer use emulated prepared statements (and if others change also, make sure you compiled PHP with the correct libraries or you will have a host of phantom errors!).